Spam Control

(Approved by the IEEE-USA
Board of Directors, 13 Nov. 2003)

Unsolicited bulk e-mail (spam) is a rapidly growing problem that directly and adversely affects U.S. competitiveness and the profitability of large and small companies. Spam imposes costs and consumes a great deal of time of almost everyone who receives email. Spam goes beyond just causing economic or competitiveness problems and can arrive as an illegal scam, such as a medical product offering, or simply an e-mail message that is generally considered obscene or offensive.

IEEE-USA recommends that the Federal government enact legislation to effectively reduce the impact of spam and to encourage Internet service providers (ISPs) to become more aggressive in finding technical and network management measures that reduce the amount of spam. IEEE-USA proposes that such spam legislation support technologies that are distributed, transparent, interoperable and subject to personalization by the end-user. This legislation should also:

• Provide criminal and civil penalties for violating spam regulations, especially penalties for spam containing fraudulent sender information or criminally fraudulent claims.

• Specify the need for additional and valid header information that would indicate if the e-mail is being sent to multiple recipients. An example of visible and easily interpreted spam notification would be to insert words such as "Spam alert" or "Multiple addressees" in the subject line of emails, which would clearly notify receivers that the email was sent to a large number of addressees. E-mail headers should contain information that uniquely identifies the sender (i.e., a sender's e-mail address both as the domain name and numeric address of the machine or site sending the mail such as its Media Access Control (MAC) address and Internet Protocol (IP) address). Such e-mail headers would provide ISPs and end-users with more information with which to filter spam and to identify those senders who falsify such information.

• Encourage ISPs to establish and enforce acceptable-use policies for all their customers. Such policies should strive to reduce or limit spam by providing the means for identifying and eliminating e-mail with fraudulent "sender" information before the customer receives it. Legislation should offer ISPs an incentive for reducing spam and encourage the development of methods for measuring success.

• Encourage industry to adopt "Best Practice" Guidelines for commercial e-mail. IEEE-USA recommends that such guidelines should adopt an "opt-in" approach instead of relying on "opt-out". Joining a membership organization would be an example of "opt-in." In addition, best practice guidelines should offer a valid mechanism for an e-mail recipient to opt-out of all future bulk emails from senders who the recipient identifies, including senders affiliated directly or indirectly with the identified sender. These opt-out requests should be acted upon within a reasonable time period. Best practices should also include an agreement that senders will not share, rent or sell e-mail addresses to any third party without an explicit recipient agreement for that sharing. Finally, the guidelines should require the establishment and use of a nation-wide "do not spam" database whereby bulk e-mail is not sent to individuals who place their address in the "do not spam" database. Valid bulk e-mailers will respect requests in such a database.

This statement was developed by the IEEE-USA Committee on Communications Policy and represents the considered judgment of a group of U.S. IEEE members with expertise in the subject field. IEEE-USA is an organizational unit of The Institute of Electrical and Electronics Engineers, Inc., created in 1973 to advance the public good, while promoting the careers and public-policy interests of the more than 235,000 electrical, electronics, computer and software engineers who are U.S. members of the IEEE. The IEEE is the world's largest technical professional society. For more information, go to http://www.ieeeusa.org.

BACKGROUND

Even though the preponderance of spam originates in the U.S., solutions to the spam problem must relate to the worldwide nature of the Internet. Technical and other solutions for solving the spam problem require that spam become unprofitable or blocked.

It is further necessary to ensure that deceptive email practices not allowed in traditional commerce should not be allowed on-line, with special consideration due to the international nature of the Internet. Deceptive practices that should be prohibited include falsifying the return address (e.g., making the e-mail appear as if it were from another sender) and providing misleading instructions for removal from email distribution lists.

It is critical that spam regulations empower consumers and not hinder the innovation, debate and growth powered by the Internet. The economic prospects of our society depend on innovation and growth driven by the information infrastructure. Spam rules written upon unsound foundations will hamper that growth.

For these reasons, IEEE-USA supports ISPs providing users with spam-management tools as a default. IEEE-USA proposes that the initial default be permission-based mailing software

In order to minimize the possibilities of unwanted and unanticipated implications based on selected technical choices for eliminating spam, IEEE-USA suggests that a combination of technical measures and network management policies be deployed.

Technical Measures

No single technical solution solves the spam problem in an economical, practical or politically acceptable way, or without major impact on the network and its use. Spam traffic and size can be significantly reduced by following these suggestions:

• License spam originators, including the users of open re-mailers and establish a set of standards related to bulk emails. This effort will be supported by legitimate originators of bulk email who will ultimately benefit from improvements in the Internet and growth in user satisfaction.

• Support the rights of Internet users by developing regulations that allow end users to limit and control their own exposure to spam. In this regard, it is vital for users to be able to find information of interest, to publish freely, and to avoid troublesome information.

Spam regulations should also take into account the following necessary technical characteristics of filters: Distributed, Transparent, Interoperable, and Alterable (i.e., subject to personalization by the end-user). Each is described below.

Distributed: Filtering should be distributed throughout the Internet and occur as close as possible to the end-user (hereafter "user"). Users must be able to select their own standards and preferences for filtering rather than relying on a single national database for controlling who can contact them. This is somewhat attempted by the "junk fax" law that attempts permission-based faxing, where all unsolicited faxes are deemed unacceptable. (One can still receive unauthorized faxes, but there is a "real" opt-out mechanism). In contrast, telephony regulations provide "do not call" lists that let the user opt-out of receiving unsolicited calls from telemarketers

The need for distributed filtering is illustrated presently by Internet Service Providers (ISPs) who commonly only filter with an awareness of a specific phrase in an email that is going to a multitude of locations. For example, an ISP may notice that an e-mail with the same subject heading is going to 20 percent of its mailboxes and might be tempted to stop delivery of all of those messages, because of the obvious bulk-mailing. However, that e-mail might in fact be a political or commercial message desired by the users. The ISP cannot know what percentage of users would prefer to get the message.

Distributed filtering may eventually provide a means for decreasing spam related to criminal and fraudulent offers. Most recipients do not desire to receive criminal and fraudulent offers; yet there is no automated mechanism for recognizing fraudulent offers. (The ones that can be recognized still manage to come through via deceptive methods; thus, special filtering may be required.)

Distributed filtering of email would also allow users to eliminate spam from any unwanted commercial contact. One simple way to reduce the amount of unsolicited commercial e-mail is to require that on-line businesses delete customer accounts upon a single request from the customer. This could be provided with a box that allows users to indicate whether or not they wish to receive advertising from the on-line business or its related companies.

A form of distributed email filtering that is supported by both marketers and users is permission-based (opt-in) e-mail. However, permission-based e-mail capability must be integrated into the e-mail program (the client or the server) to be useful to the user. Therefore, it is possible that permission-based e-mail may require regulatory intervention.

Transparent: ISP and other provider rules for inclusion or exclusion of email transactions must not be transparent to the user. In other words, consumers must know the decision process used for inclusion or exclusion of a particular mail. Users should be able to read clearly worded policies that describe how their mail is included or excluded. Users should be able to adjust the acceptance or refusal of e-mail according to their personal preferences. Thus, users should know when their e-mail is being blocked, and ideally why and by whom. If an ISP has a size limit on a "first time" bulk e-mail message guidelines should be provided for creation of a message either as an invitation to receive future e-mails via opt-in details or as a reference to a web page that provides further information. Interested recipients could then initiate further contact. This would significantly reduce potential spam traffic while continuing the basic connectivity, if desired, between the originator and the recipient.

Interoperable: Interoperable spam filtering must be implemented so that any user can continue to send e-mail to any person connected to the Internet. For instance, the development of proprietary e-mail solutions that seek to block out emails to/from competitors' products are tempting for market leaders yet damaging to the network, the market, and the society of network users and should be outlawed.

Alterable: Spam filtering definitions should be alterable, allowing users to be able to add and delete sources of e-mail for their own inboxes at will. Without having the power to continually alter filters for e-mail, users will be subject to innovative filter bypasses resulting in growing amounts of information from providers around the world.

Network Management

Network management regulations that reduce financial incentives encouraging spam need to be developed. This will make it harder for spam purveyors to economically purchase the services necessary for their work. Such regulations are possible since the identities of network providers who are associated with large volumes of spam are well known and all spam must originate at some point in the network and pass through one or more known backbone providers before reaching its intended destination

Conclusion

IEEE-USA seeks to minimize the origination and delivery of non-compliant spam without impeding the free flow of Internet traffic while respecting the receiver's right not to be subjected to unwanted e-mail.

Given practical and rapid deployment of potential short-term solutions, it is clear that changing the generic Internet may be viable only as a long-term solution. Certain domestic legal and monetary incentives (positive or negative) would help in reducing some spam. Forcing certain ISPs to eliminate the transmission or re-transmission of mail above a certain threshold limit from known spam originators, or from a single source, could be a partial solution to reducing the volume of unwanted traffic.

Solutions to the spam problem must enable the recipient to minimize the amount of unwanted messages arriving at the reception point. To this end, the originators and the transporters must be held liable to ensure that unwanted bulk messages will be curtailed.

| Top of Page | Position Statements | Policy Forum | IEEE-USA |

Last Updated: 17 November 2003
Staff Contact: Bill Williams, bill.williams@ieee.org

Copyright © 2003 The Institute of Electrical and Electronics Engineers, Inc.
Permission to copy granted for non-commercial uses with appropriate attribution.